On Fri, Jul 1, 2022 at 1:08 PM Javier Martinez Canillas <javierm@xxxxxxxxxx> wrote: > > Hello, > > Peter Robinson reported me a kernel bug in one of his aarch64 test boards > and even though I was not able to reproduce it, I think that figured out > what the problem was. It seems the cause is that a DRM driver doesn't set > some of the struct drm fields copied to userspace via DRM_IOCTL_VERSION. > > Even though this is a driver bug, we can make drm_copy_field() more robust > and warn about it instead of leading to an attempt to copy a NULL pointer. > > While looking at this, I also found that a variable in drm_copy_field() is > not using the correct type. So I included that change in the patch-set too. > > Best regards, > Javier For the series Tested-by: Peter Robinson <pbrobinson@xxxxxxxxx> > > Javier Martinez Canillas (2): > drm: Use size_t type for len variable in drm_copy_field() > drm: Prevent drm_copy_field() to attempt copying a NULL pointer > > drivers/gpu/drm/drm_ioctl.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > -- > 2.36.1 >
